26 September 2015

The Pentagon’s Next Unclassified Email System May Live in the Cloud

SEPTEMBER 22, 2015


The Defense Department’s IT agency is asking industry about setting up a new email system for its 1.6 million users.

The Pentagon’s next-generation unclassified email systemmay exist entirely in the cloud.

Frank Konkel is the editorial events editor for Government Executive Media Group and a technology journalist for its publications. He writes about emerging technologies, privacy, cybersecurity, policy and other issues at the intersection of government and technology. Frank also runs Nextgov's ...Full Bio

Before it does, the Defense Information Systems Agency – the Pentagon’s information technology arm – wants to gather “information, comments, capabilities and recommendations” from industry stakeholders according to a notice posted this month.

DISA wants to replace its three-year-oldDOD Enterprise Email calendaring and email service capabilities “with a more cost-effective commercial cloud-based service” for more than 1.6 million users. The notice states DOD’s evolving security policies have the Pentagon better prepared than ever to catch up with evolving technologies.

The notice goes on to state that, “While we recognize that shared cloud environments may provide significant opportunities, they also present unique risks to DOD data and systems that must be addressed.”

That suggests the Pentagon is most interested in one of two approaches.

The first is an on-premise deployment approach in which a commercial vendor would offer cloud-based email services from within DOD facilities. In this scenario, DOD emails are stored within DOD facilities and vendors would have to define requirements for hosting data within those facilities.

In the second – and likely more cost-effective – scenario, the commercial vendor would offer cloud-based email and calendaring services from within its own facilities, with a secure connection between DOD networks and the cloud sharing data back and forth. In this scenario, DOD does not have to pay for hardware or managing data centers, which are typically large expenses.

Either scenario must conform with rigorous cybersecurity requirements that govern how DOD handles unclassified information in the cloud.

“We realize that each hosting approach is associated with a number of planning, technical and contracting considerations and we solicit vendor feedback and recommendations on approaches that would maximize effectiveness and cost efficiency,” the notice states.

Vendors and industry stakeholders have until Oct. 15 to respond. DISA officials are likely to use feedback in a potential request for proposals that could follow.

No comments: